Article Details
Scrape Timestamp (UTC): 2025-07-17 15:53:39.574
Original Article Text
Max severity Cisco ISE bug allows pre-auth command execution, patch now.

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices.

The security issue received the maximum severity rating, 10 out of 10, and is caused by insufficient user-supplied input validation checks. It was discovered by Kentaro Kawane, a researcher at the Japanese cybersecurity service GMO Cybersecurity by Ierae, and reported to Trend Micro's Zero Day Initiative (ZDI). A remote unauthenticated attacker could leverage it by submitting a specially crafted API request.

The vulnerability was added via an update to the security bulletin for CVE-2025-20281 and CVE-2025-20282, two similar RCE vulnerabilities that also received the maximum severity score and that impact ISE and ISE-PIC versions 3.4 and 3.3.

"These vulnerabilities affect Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration," the vendor notes for CVE-2025-20281 and CVE-2025-20337, adding that "these vulnerabilities do not affect Cisco ISE and ISE-PIC Release 3.2 or earlier."

Any of the three security issues can be exploited independently. Cisco also warns that customers who applied the patches for CVE-2025-20281 and CVE-2025-20282 are not covered for CVE-2025-20337, and need to upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2.

The product versions below are the only ones currently confirmed to address all three maximum severity vulnerabilities. Workarounds or other mitigations are not available.

Although no exploitation of any of the three vulnerabilities has been observed in the wild as of yet, it is recommended that system administrators take immediate action to mitigate the risks.
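The release and patch thresholds above can be turned into a fleet triage check. The following is an added example, not code from Cisco or from the article; it assumes text laid out like the version blocks of ISE's `show version` command (product header, dashed rule, `Version : ...`), and the sample output and its build number are constructed.

```python
import re

# Minimum patch that fixes all three CVEs, per the article (3.3 P7, 3.4 P2).
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}

def parse_show_version(text):
    """Return ((major, minor), patch) from `show version`-style text.

    Assumed layout: a product header line, a dashed rule, then a
    'Version : ...' line; a header ending in 'Patch' starts the patch
    block. A node with no patch block is treated as patch level 0.
    """
    release, patch, section = None, 0, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Cisco Identity Services Engine"):
            section = "patch" if line.endswith("Patch") else "base"
            continue
        m = re.match(r"Version\s*:\s*(.+)$", line)
        if not m or section is None:
            continue
        nums = [int(n) for n in re.findall(r"\d+", m.group(1))]
        if section == "base" and len(nums) >= 2:
            release = (nums[0], nums[1])
        elif section == "patch" and nums:
            patch = max(patch, *nums)  # keep the highest patch listed
        section = None
    if release is None:
        raise ValueError("no ISE version block found")
    return release, patch

def triage(text):
    """Classify a node against the affected/fixed releases in the article."""
    release, patch = parse_show_version(text)
    if release <= (3, 2):
        return "not-affected"
    if release not in FIXED_PATCH:
        return "unknown"  # the article says nothing about this release
    return "fixed" if patch >= FIXED_PATCH[release] else "vulnerable"

# Constructed sample output; the build number is a placeholder.
SAMPLE = """Cisco Identity Services Engine
---------------------------------------------
Version      : 3.3.0.0
Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 6
"""

if __name__ == "__main__":
    print(triage(SAMPLE))  # vulnerable: 3.3 needs Patch 7
```

A node that already carries the earlier fixes for CVE-2025-20281 and CVE-2025-20282 still reports "vulnerable" here until it reaches the patch level named for CVE-2025-20337.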
Also yesterday, Cisco released four more bulletins covering other vulnerabilities across its products, summarized as follows:
Daily Brief Summary
A severe vulnerability in Cisco's Identity Services Engine (ISE), identified as CVE-2025-20337, allows unauthenticated attackers to execute commands and potentially gain root access.
The security flaw, rated 10/10 in severity, arose due to insufficient validation of user-supplied input in certain API requests.
The vulnerability was discovered by Kentaro Kawane and reported through Trend Micro's Zero Day Initiative.
This vulnerability impacts Cisco ISE and ISE-PIC versions 3.3 and 3.4, but not earlier versions like 3.2.
Cisco has released patches specifically for ISE versions 3.3 and 3.4 to address this critical issue and two other related vulnerabilities.
No practical workarounds are available; system administrators are urged to apply the necessary patches immediately to mitigate risks.
Although no exploits of this vulnerability have been detected in the wild, the potential for severe system compromise makes immediate action essential.
Additional Cisco bulletins released address various security issues, but CVE-2025-20337 requires particular attention due to its critical nature and high potential impact.